author | Colin Walters <walters@verbum.org> | 2004-11-09 06:11:33 +0000 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2004-11-09 06:11:33 +0000 |
commit | 935a41a04c3f638134fa905503fc41ddbd18902f (patch) | |
tree | 0f6dee53c28bba5a8ce6658b634c66ba1cc5abda /bus/bus.c | |
parent | 2f5e949851f7704b296f55ce1d1fcc4480176107 (diff) |
2004-11-09 Colin Walters <walters@verbum.org>
* dbus/dbus-string.c (_dbus_string_get_length): New
function, writes DBusString to C buffer.
* dbus/dbus-string.h: Prototype it.
* dbus/dbus-message.c (dbus_message_type_to_string): New
function, converts message type into C string.
* dbus/dbus-message.h: Prototype it.
* bus/selinux.c (bus_selinux_check): Take source pid,
target pid, and audit data. Pass audit data to
avc_has_perm.
(log_audit_callback): New function, appends extra
audit information.
(bus_selinux_allows_acquire_service): Also take
service name, add it to audit data.
(bus_selinux_allows_send): Also take message
type, interface, method member, error name,
and destination, and add them to audit data.
(log_cb): Initialize func_audit.
* bus/selinux.h (bus_selinux_allows_acquire_service)
(bus_selinux_allows_send): Update prototypes
* bus/services.c (bus_registry_acquire_service): Pass
service name to bus_selinux_allows_acquire_service.
* bus/bus.c (bus_context_check_security_policy): Pass
additional audit data. Move assignment of dest
to its own line.
Diffstat (limited to 'bus/bus.c')
-rw-r--r-- | bus/bus.c | 24 |
1 files changed, 19 insertions, 5 deletions
@@ -1127,12 +1127,20 @@ bus_context_check_security_policy (BusContext *context, if (sender != NULL) { + const char *dest; + + dest = dbus_message_get_destination (message); + /* First verify the SELinux access controls. If allowed then * go on with the standard checks. */ - if (!bus_selinux_allows_send (sender, proposed_recipient)) + if (!bus_selinux_allows_send (sender, proposed_recipient, + dbus_message_type_to_string (dbus_message_get_type (message)), + dbus_message_get_interface (message), + dbus_message_get_member (message), + dbus_message_get_error_name (message), + dest ? dest : DBUS_SERVICE_ORG_FREEDESKTOP_DBUS)) { - const char *dest = dbus_message_get_destination (message); dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "An SELinux policy prevents this sender " "from sending this message to this recipient " @@ -1255,7 +1263,9 @@ bus_context_check_security_policy (BusContext *context, proposed_recipient, message)) { - const char *dest = dbus_message_get_destination (message); + const char *dest; + + dest = dbus_message_get_destination (message); dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "A security policy in place prevents this sender " "from sending this message to this recipient, " @@ -1280,7 +1290,9 @@ bus_context_check_security_policy (BusContext *context, addressed_recipient, proposed_recipient, message)) { - const char *dest = dbus_message_get_destination (message); + const char *dest; + + dest = dbus_message_get_destination (message); dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "A security policy in place prevents this recipient " "from receiving this message from this sender, " 
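Review bot: In the first hunk only `dest` gets a NULL fallback before it is passed to `bus_selinux_allows_send`; `dbus_message_get_interface`, `dbus_message_get_member` and `dbus_message_get_error_name` each return NULL when the header field is absent, so the callee (in bus/selinux.c, not shown in this diff) has to tolerate NULL for all three. These strings come from the sender's message and are headed for the AVC audit record, so the audit callback should bound their length and not rely solely on upstream name validation to keep the log line well-formed. Substituting `DBUS_SERVICE_ORG_FREEDESKTOP_DBUS` for a missing destination also means a message with no destination header (a broadcast signal, if this path handles those) would be audited as addressed to the bus driver; a comment such as `/* no destination header: audited as the bus driver */` would document that, or the call could pass NULL and let the callback omit the field. The enclosing function starts and ends outside the hunk.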
@@ -1304,7 +1316,9 @@ bus_context_check_security_policy (BusContext *context, dbus_connection_get_outgoing_size (proposed_recipient) > context->limits.max_outgoing_bytes) { - const char *dest = dbus_message_get_destination (message); + const char *dest; + + dest = dbus_message_get_destination (message); dbus_set_error (error, DBUS_ERROR_LIMITS_EXCEEDED, "The destination service \"%s\" has a full message queue", dest ? dest : (proposed_recipient ? |